Summary

- - Companies of all sizes have a variety of endpoints, such as computers, mobile devices and servers.
  - Endpoint security is necessary to protect against malicious attacks from hackers. 
  - 64% of organizations have experienced one or more compromising endpoint attacks. 
  - Solutions for addressing password vulnerabilities include training employees, MFA and biometrics
  - Stop malware infection before OS boot
  - Regularly update endpoint security software and firmware
  - Use modern device & user authentication methods such as contextual authentication & Zero Trust approach to ensure network access is secure at all times .        
  - Apply security policies throughout the entire device lifecycle including when first issued, moved between users or retired from use .       
  - Prepare in advance for potential loss/theft through backup solutions & remote lock/wipe capabilities provided by endpoint security tools

Protecting Your Business: Simple how to Guide to Endpoint Security

endpoint detection protection

Endpoints represent a large portion of your organization’s network and IT infrastructure; think computers, mobile devices, servers, smart gadgets, and other Internet-of-Things (IoT) components that are all linked to the corporate system. Depending on size, businesses with fewer than 50 employees tend to have an estimated 20+ endpoints, while small companies with 50 – 100 staff boast around 115 devices. On the enterprise level where there are typically more than 1000 workers present? We’re talking an average of almost 2000!

Endpoint security strategies are essential to protect companies from the risk of malicious hacker attacks. Hackers can use these devices to plant malware or access sensitive information, and studies show that 64% of organizations have already experienced a compromising endpoint attack! Fortunately, this guide provides you with effective solutions that focus on protecting your endpoint devices and keeping them secure.

Prevent Malware Infection Prior to Booting into Windows

USB jump drives, are a frequently used promotional item at conferences and trade shows. However, these seemingly harmless giveaways can actually leave your computer vulnerable to a cybersecurity attack.

For example, one of their many tactics for gaining access is through malicious code written on USB devices which cause the machine to boot from the USB drive instead when left in the machine. Luckily there’s a way we can protect our systems against this danger: by making sure that both Trusted Platform Module (TPM) and Unified Extensible Firmware Interface (UEFI) Security are enabled in order to prevent boot into rouge devices.

TPM is now a must have if you run a windows 11 machine and this piece of hardware is not susceptible to physical and malware tampering. It constantly evaluates whether the boot process is successfully taking place, as well as detects any irregular behavior. To ensure optimal security, try searching for USB boots that can be disabled quickly and easily with specialized devices or solutions. Interesting fact, this piece of hardware was not present on older machines, therefore, Microsoft decided to make this a must feature on your computer in order to be able to run Windows 11 and future releases.

Password Vulnerabilities

endpoint protection

Passwords, despite being a seemingly small aspect of endpoint security, are actually a major vulnerability. We constantly hear about large-scale data breaches caused by leaked passwords, (such as the infamous RockYou2021 breach), which exposed a staggering 3.2 billion passwords. This highlights the dire need for proper password security, and highlights the danger of credential theft in the realm of cybersecurity. To combat this, organizations should take a multi-pronged approach:

Training employees on best practices for password creation and handling Checkout this guide on creating complex passwords

Exploring password-less solutions such as biometrics

Requiring multi-factor authentication (MFA) on all accounts

These measures will go a long way in fortifying endpoint security and protecting against password-related breaches.

Stick to Security Policies Throughout the Device-Lifecycle

endpoint evolution

What the heck is a Device-Lifecycle Security Policy you might wonder?

Security Policies throughout the device lifecycle refer to the set of guidelines and procedures that you should put in place, that will determine how the security of your devices is handled. These guidelines start from the moment they are acquired, to the time they are decommissioned, and they apply to anything that can be considered an endpoint (coffee maker not included unless it has Wi-Fi capabilities) :-). These policies cover all stages of the device lifecycle, including; procurement, deployment, operation, maintenance, and retirement.

Procurement Stage

During the procurement stage, organizations should ensure that the devices they acquire meet their security requirements, and have the necessary security features, such as capabilities to run the latest Operating System and security releases. There is a standardized encryption process, and things such as firewalls are licensed and supported to receive the latest vulnerabilities and updates. Typically, if you have any questions regarding this process, it’s a good idea to find a good knowledgeable vendor that help guide you in your decision. Also, keep in mind that most of them are sales people with little to no knowledge of your infrastructure or your systems, so, take this advice with a grain of salt as they could just try and put you into a product with highest commission for them. If you have a Managed Services Provider (MSP) or Managed Security Services Provider (MCSSP) that has a much deeper knowledge and understanding of your systems, they can provide the best feedback in the procurement process. Typically, companies such as AlphaCIS will procure and warranty the equipment they install giving you a piece of mind.

Deployment Stage

When deploying the devices, organizations should implement security controls, such as antivirus software and intrusion detection systems, to protect the devices from potential threats. This should also be a standardized process that all devices go through, (depending on the device). For example, when we deploy machines there is a checklist per client that can include things such as: join the Active Directory, (Azure or on-prem), install our remote management application, and the security suite to name a few.

Operational Stage

The operation stage is when the devices are in use and organizations should ensure that the devices are configured securely, that security software is up-to-date, and that users are trained on how to use the devices safely. Typically, ensuring that users don’t have elevated permissions on their devices is a great first step. This is why we always recommend utilizing a domain of some sort, such as Azure. This allows for more granular control over what a user can and can’t do on their machine. Running and monitoring endpoint agents can help protect end users by performing advanced threat detection, and by preventing an end user from accessing certain websites, or executing certain scripts and software.

Maintenance Stage

The maintenance stage is when organizations perform regular security checks and updates to ensure that the devices remain secure. This includes: patching software vulnerabilities, performing backups, and monitoring the devices for any unusual activity.

Retirement Stage

Finally, in the retirement stage, organizations should properly decommission the devices to prevent them from becoming a security risk. This includes wiping the devices of any sensitive data and physically destroying them if necessary. Typically, a Managed IT Services Provider (MSP) will take care of the whole process, or you can find a 3rd party vendor that will properly dispose of the electronics.

Overall, security policies throughout the device lifecycle are essential for ensuring that devices all adhere to the same policy. It’s a combined multi-step effort in order to ensure that all vital company endpoints are protected.

Prepare for Device Loss or Theft

Don’t leave your business vulnerable if a mobile device or laptop goes missing! Have an immediate plan in place that safeguards data and protects company accounts. Be proactive by investing in backup solutions ahead of time, as well as endpoint security with remote lock and wipe capabilities for each device.

This way, you can rest assured knowing you have taken the necessary measures to protect yourself from potential risks, should they arise.

Need some help reducing your endpoint risk?

AlphaCIS is a technology support provider of Managed IT Services (MSP) and Managed Security Services Provider (MSSP) for businesses in the metro Atlanta area. If your business needs help securing endpoints or developing corporate security policies. Reach out by booking an appoint or call calling (678) 619-1218.

Dmitriy Teplinskiy

I have worked in the IT industry for 15+ years. During this time I have consulted clients in accounting and finance, manufacturing, automotive and boating, retail and everything in between. My background is in Networking and Cybersecurity

All author posts

April 14, 2024

Protecting Your Business: Simple Guide to Endpoint Security